Unread posts New replies My topics My posts
Pages: [1]
*

Olivier2445

  • *
  • 1 posts
hacked, a bot is spamming my osclass and adding users
« on: December 01, 2023, 02:53:08 PM »
Since a month and more frequently now, a bot is spamming my server and my custom oslcass install

Somehow he manages to insert Users into my database (register form protected by capcha) , always a different IP and with autocreated Gmail adresses.

The users are then validated by bot also after email reception.

I got logs if anyone wants to help, this is so annoying to clean my database every single day..... :(


Creation of the user, i guess : ( i don't use Wordpress!  )

Url: [xxxxxx.com/wp-login.php]
Remote connection: [23.105.144.9:59319]
Headers: [array (
  'Host' => 'figxxxom',
  'User-Agent' => 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36',
  'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
  'Accept-Language' => 'en-US,en;q=0.5',
  'Accept-Encoding' => 'gzip, deflate, br',
  'DNT' => '1',
  'Referer' => 'xxxxx.com/wp-login.php?action=register',
  'Origin' => 'igxxxuxxxxxxxxts.com',
  'sec-ch-ua' => '".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"',
  'sec-ch-ua-mobile' => '?0',
  'sec-gpc' => '1',
  'sec-ch-ua-platform' => '"Windows"',
  'BN-Frontend' => 'captcha-https',
  'X-Forwarded-Port' => '443',
  'X-Forwarded-Proto' => 'https',
  'BN-Client-Port' => '41715',
   'X-Forwarded-For' => '23.105.144.9',
)]
Get data: [Array
(
    [action] => register
)
]




Url: [fm/oc-content/themes/bender/css/font-awesome.min.css]
Remote connection: [147.160.184.91:37169]
Headers: [array (
  'Host' => 'fixxxom',
  'accept-language' => 'en',
  'user-agent' => 'Mozilla/5.0 (Linux; Android 10; ELE-AL00 Build/HUAWEIELE-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/88.0.4324.93 Mobile Safari/537.36',
  'accept' => 'text/css,*/*;q=0.1',
  'sec-fetch-site' => 'same-origin',
  'sec-fetch-mode' => 'no-cors',
  'sec-fetch-dest' => 'style',
  'referer' => 'httpxxxxxxxr_i18924',
  'accept-encoding' => 'gzip, deflate, br',
  'host' => 'figxxxm',
  'cookie' => 'osclass=s80plp556akf59i8jnfepah9l5',
  'BN-Frontend' => 'captcha-https',
  'X-Forwarded-Port' => '443',
  'X-Forwarded-Proto' => 'https',
  'BN-Client-Port' => '30286',
  'X-Forwarded-For' => '147.160.184.91',
)]
Get data: [Array
(
    [75652] =>
)
]



Result is an entry like this ( see attached)


I could really use some help here

Logged
*

Ajit Sahane

  • ****
  • 177 posts
  • https://bestclassifiedsusa.com
Re: hacked, a bot is spamming my osclass and adding users
« Reply #1 on: January 13, 2024, 07:40:12 PM »
use buttler plugin to remove inactive, spammy users & ads. auto cron setup.
Logged
*

MB Themes

Re: hacked, a bot is spamming my osclass and adding users
« Reply #2 on: January 14, 2024, 07:58:07 AM »
Yeah often these bots are able to validate account & listing.
I recomment Anti-Spam Plugin, can help best + try to use Cloudflare to filter few bots.
Logged
  To get fast support, we need following details: Detail description, URL to reproduce problem, Screenshots
Pages: [1]